FIDO U2F Security Key
I received my FIDO USB key by Plug-up in the mail today after ordering it from Amazon about two weeks ago. An article on Internet security prompted the purchase after seeing that Google was endorsing the product and seeing that it serves as a very secure two-factor authentication method. With account hacking being increasingly pervasive, I figured for a few bucks it would be worth it to secure my Google account with the latest in hardware authentication. Considering how extensively I use my Google account, another layer of security could not be a bad thing, and well worth the investment.
The product shipped from France and of course took a while to get to me, a little over three weeks actually. But once it was here it was a simple matter of opening the envelope, popping the key out of its plastic shell, removing a piece of paper and folding a piece of plastic in half for me to be ready to register it to my Google account (you can register it to more than one and use more than one key per an account as well).
Once I registered the key and turned two-factor authentication back on, it was a piece of cake using the key to sign into my Google account on my laptop. I was pleasantly surprised to see that I also had to re-sign into my Google account in Chrome. Showing me that I had been signed out of all instances of my Google account. I confirmed this with my Google account on my desktop as well as my Chrome browser running there. Of course it was just a matter of sliding in my USB key when prompted to gain access, but I did have to remove it and reinsert it every time, not a big deal in the least.
On my phone I had to go with the default text message code for two-factor authentication. I believe there are NFC enabled keys out there that can eliminate this step though. I haven’t checked to see if my Google TV will accept the key or if I have to enter the code, but either way, I know that any and all instances of my Google account running have been signed out and without the USB key attached to my keychain, the only thing that will get someone in is a code sent to my phone. So, my account is as secure as it could possibly be at this point in time. Which feels good.
I recommend this product to anyone that uses their Google account for anything sensitive, this seems to be the best protection out there.